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2 (57) Abstract: A method for verifying the security of a message (Msg) transmitted and received in electronic form comprises on 
w the transmitting side the steps of associating with the message a univocal message identifier (IDMsg) and a message owner identity 
^ checking identifier (IDCR) which is obtained by applying to the univocal message identifier (IDMsg) an encoding (12) associated 
with the owner of the message to be transmitted. On the receiving side the method comprises the steps of verification and signaling 
Q of the fact of having or not having already received a message with the same univocal message identifier (IDMsg) associated and as- 
^ certaining agreement between the univocal message identifier (IDMsg) associated with the received message and the result (IDDCR) 
1^ of a decoding of the checking usemame (IDCR). A verification system and device in accordance with the method are also discussed. 
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"METHOD MUD DEVICES FOR PERFORMING SECURITY CONTROL IN 
ELECTRONIC MESSAGE EXCHANGES" 



The present invention relates to a method and devices for 
5 performing security control in electronic message exchanges 
and in particular for monetary transactions such as those 
made with credit or debit cards and the like. 
Security problems in the exchange of messages in electronic 
form and especially over intrinsically unsafe networks like 
10 for example the networks making up Internet are known. 

Among the various problems there can be listed the 
possibility that someone might generate messages (in 
particular, monetary transaction requests) by falsifying 
the owner of the message and the possibility that actual 
15 messages might be duplicated to obtain that a request 
contained in the message be met again. 

In the prior art it has been sought to remedy some aspects 
of these problems/ for example by introducing systems like 
the so-called 'electronic signature' which however allows 

20 having reasonable certainty of the identity of the owner of 
the message but not of the uniqueness of the message. 
Known systems are however in general complicated and 
difficult to apply and/or they generate an overload in the 
processing and/or transmission of messages which are not 

25 always acceptable and especially in the case of 
applications which they produce and must manage a high 
number of message in relatively short times such as for 
example with monetary transactions by credit or debit card 
and especially if used to pay for goods or services on 
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internet or in stores having POS terminals or the like. 
The general purpose of the present invention is to remedy 
the above mentioned shortcomings by making available a 
method and devices for security verification in the 
5 exchange of messages electronically which would be fast, 
easy to apply and intrinsically reliable. 

In view of this purpose it was sought to provide in 
accordance with the present invention a method for 
verifying the security of a message transmitted and 

10 received in electronic form which on the transmitting side 
comprises the steps of associating with the message for its 
later security verification a univocal message identifier 
and an identifier for control of the identity of the owner 
of the message with the control identifier being obtained 

15 by applying to the univocal message identifier an encoding 
associated with the owner of the message to be transmitted, 
and on the receiving side for security verification of a 
received message comprises the steps of verification and 
signaling of the fact of having or not having already 

20 received a message with the same univocal identifier of the 
associated message, applying a decoding associated with a 
supposed owner of the received message to the checking 
identifier of the owner associated with the received 
message, and ascertaining and signaling the agreement or 

25 not between the univocal message identifier associated with 
the received message and proven to be said decoding of the 
control username. 

Again in accordance with the present invention it was 
sought to realize a system for safety verification of a 
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message transmitted and received in electronic form 
comprising on the transmitting side a univocal username 
generator of a message r and an encoding device receiving 
the message username produced by the generator and encoding 
5 it in accordance with a code associated with the owner of 
the message to be transmitted to obtain therefrom an 
identifier for checking the identity of the message owner, 
and transmission means associating with the message to be 
transmitted the checking identifier and the univocal 

10 message identifier obtained, and on the receiving side 
comprises for safety verification of a received message a 
checking device which verifies and signals that the message 
identifier associated with the received message has of has 
not been received previously, and a decoding device which 

15 receives the owner checking identifier associated with the 
received message and applies thereto a decoding associated 
with a supposed owner of the received message, and 
verification means which ascertain and signal the agreement 
or not of the univocal message identifier with the result 

20 of the decoding of the checking username. 

Again in accordance with the present invention it was also 
sought to realize a device for association of security 
verification factors with a message transmitted in 
electronic form characterized in that it comprises a 

25 univocal message username generator, an encoding device 
receiving the message username produced by the generator 
and encoding it in accordance with a code associated with 
the owner of the message to be transmitted to obtain 
therefrom an identifier for checking the identity of the 
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message owner, and means which associate with the message 
to be transmitted the checking identifier and the univocal 
• message identifier obtained. 
To clarify the explanation of the innovative principles of 
5 the present invention and its advantages compared with the 
prior art there is described below with the aid of the 
annexed drawings a possible embodiment thereof by way of 
non-limiting example applying said principles. In the 
drawings : 

10 FIG 1 shows a block diagram of a device or part on the 
transmitting side of a security verification system 
realized in accordance with the present invention, 
FIG 2 shows a block diagram of a device or part on the 
receiving side of a security verification system realized 

15 in accordance with the present invention, and 

FIG 3 shows diagrammatically a possible combination of 
information in accordance with the method of the present 
invention . 

With reference to the figures, FIG 1 shows the part on the 
20 transmitting side designated as a whole by reference number 
10 of a security system realized in accordance with the 
present invention. This part or device 10 comprises a 
generator 11 for generation of a univocal message username 
(designated by IDMsg) and an encoding device 12 which 
25 receives the message username IDMsg produced by the 
generator and encodes it to obtain an encoded version 
thereof called here identifier IDcr which will be usable as 
clarified below as the identifier for checking the identity 
of the message owner. 
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The device 10 is associated with a known system 13 (not 
described here as it is well known and readily imaginable 
to those skilled in the art) for production of messages Msg 
to be transmitted and of which it is wished to ensure the 
security offered by the present invention. These messages 
can be conventional electronic messages for management of 
monetary transactions of, for example, a credit or debit 
card circuit. 

The generator 11 is a known generator of single keys. It 
can be realized either as hardware or software, for example 
the known QUID generator of Microsoft. Its main operational 
principle is based on the random generation of a key or ID 
sufficiently long to make the probability of generating two 
identical keys practically zero. For each message to be 
sent, the generator therefore produces an identifier which 
can be represented by a sequence of bits, numbers, 
characters et cetera and which is the only one and will 
never be used again. This ensures that no "twin" keys 
exist. 

The ID of the message (which can also be called LEFT KEY) 
is surely to be understood therefore as a key but produced 
before and thus a new key. 

The encoding device 12 encodes the lOwsg so as to obtain a 
username IDcr containing the ID„8g in a concealed manner 
making it possible if the correct decoding is known to go 
back to it or at least to a representation thereof allowing 
knowing whether IDcr was really created by correct encoding 
of IDMsg. The IDcr can also be called RIGHT KEY. 
With a message Msg are thus associated the two usernames 
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(unique for each message) lD„3g and IDcr. As clarified below, 
the former allows knowledge of the uniqueness of a message 
while the second allows having confirmation of the identity 
of the owner who produced the message or to whom it refers. 
Indeed, encoding of lD„sg in IDcr is done in accordance with 
a code which was previously associated with the owner of 
the message to be transmitted. For example it is 
advantageous that the encoding and the following 
corresponding decoding be realized as encryption and 
decryption operations with a key and with a particular key 
or algorithm associated with the particular owner of the 
message. In particular, such encryption and decryption can 
be advantageously of the known public/private key type in 
which the encryption is done by the encoding device 12 
using the private secret key of the owner who sends the 
message or to whom it refers. 

Once the usernames to be associated with the message are 
obtained they can be sent to the receiving part of the 
system through a suitable known transmission means, for 
example internet, dedicated networks, telephone lines et 
cetera. The transmission means and the paths followed by 
the various usernames and the message can be the same for 
all or different from each other depending on specific 
requirements or desires. 

ID„sg and iDcR can also be assembled in a single compound 
identifier iDt which can also be called SUPER KEY = LEFT 
KEY + RIGHT KEY. 

If a single transmission means is used, the usernames and 
the message can be assembled in a single total mSGt 
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message. All this is shown clearly in FIG 3. If desired, 
this total message can be in turn encrypted in accordance 
with known techniques. 

In one embodiment of the present invention the message is 
also associated with a username IDowner, unique for each 
possible owner of the message to be transmitted. For 
example, in case of a transaction by credit card said 
IDowner Can be the card number. This IDowner can be produced 
or extracted by means 14, for example a programmed 
electronic memory, manual input means or reading means of 
owner data contained on a card used in the transaction. 
This IDowier can also be used to control correct encoding in 
the encoding device 12. 

Known methods of combination of the various parts and 
15 possible known transmission codifications even dependent on 
the particular means of transmission and even desired for 
implementation of additional security levels can be used. 
All this is readily imaginable to those skilled in the art 
and is not further discussed or shown. 

FIG 2 shows the part designated as a whole by reference 
number 16 of the system in accordance with the present 
invention present on the message receiving side. 
To verify the security of a received message (Msg) (which 
can be processed in accordance with the intended use of the 
message by any known processing system 17, for example a 
transaction manager not further discussed here, said 
receiving part 16 comprises a control device 18 to 
recognize whether an lD„sg associated with a received 
message has not been received previously. For recognition. 
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the device 18 manages an archive of previously used IDs 19. 
Every time an IDMsg arrives the device checks in the archive 
19 whether it has already been memorized and issues a 
corresponding ID acceptable or unacceptable signal 20. If 
the ID has not been used yet the associated message is 
considered new and the ID is memorized in the archive to 
prevent future new use. 

The receiving part 16 also comprises a decoding device 21 
which receives the control identifier of the owner IDcr 
associated with the received message and applies to it a 
decoding associated with a supposed owner of the received 
message. At outlet from the decoder an identifier IDdcr is 
thus obtained. The decoding is realized in such a manner 
that there is a predetermined agreement between iDMsg and 
IDdcr if the IDcr had been obtained for encoding of the IDMsg 
by the method associated with the message owner. 
Verification means 22 receive the IDMsg and IDdcr and 
ascertain and signal with a signal 23 the existence or not 
of said predetermined agreement. If there is agreement the 
message can be considered as belonging to its legitimate 
owner. If both the conditions at the outlets 20 and 23 are 
verified positively the device 16 emits a positive 
verification signal 24 and the message Msg associated with 
the usernames received can be considered acceptable on the 
basis of the security verification in accordance with the 
present invention. 

As may be seen again in FIG 2, the agreement signal 23 can 
also be sent to the sole ID recognizer 18 so as to inhibit 
memorization of the message ID among the IDs already used 
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in case agreement between IDMsg and IDcr is not found. This 
avoids useless memorization of 'false' IDs among the IDs 
already used. The decoding device 21 will usually operate 
in reverse of the encoding device 12 in such a manner that 
5 if the encoder 12 obtains a certain IDcr from a specific 
IDMsg the decoder will again obtain the same IDMsg starting 
form the IDcr. In this case the agreement verification made 
by the device 22 will be a verification of sameness among 
received IDMsg and decoded IDcr. 
10 If, as mentioned above, the encoder makes a key encryption 
the decoder will make a corresponding key decryption. The 
keys associated with the owners will be memorized in a 
purposeful key archive 25. 

For example if the encryption system chosen is with 
15 public /private key, the decoder will perform a decryption 
as called for by said known system by using the appropriate 
key corresponding to the owner associated with the message • 
In accordance with one aspect, of the present invention, if 
on the transmitting side the above mentioned owner 
20 identifier (IDowier) is also associated with the message, on 
the receiving side the decoding to be applied can 
advantageously be selected from among a plurality of 
possible decodings on the basis of the owner identifier 
associated with the received message. Selection of the 
25 right key from the archive 25 thus becomes much faster 
since the IDowner is supplied to the decryption device 21 as 
a search index for the right key in the key archive 25. 
It is now clear that it is possible to realize a device 10 
for association of safety verification factors with a 
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message transmitted in electronic form and a system 10, 16 
for a security verification of a message transmitted and 
received in electronic form and a method for a security 
verification of a message transmitted and received in 
electronic form. 

As readily imaginable to those skilled in the art, the 
practical realization can be totally software, totally 
hardware or mixed. 

The device 10 can also be realized in portable form (for 
example a smart card) to be supplied for example to a 
credit card owner who can thus generate an IDj or SUPER KEY 
to be supplied together with the other data (amount to be 
debited thereto, card niimber et cetera) for payment by 
card. These data can be considered the message MSG and if 
necessary encrypted in accordance with a known system. 
As an alternative the device could be kept at the store 
where the purchase is made and the card owner could input 
therein in a reserved manner the encoding key for 
production of the RIGHT KEY part of the SUPER KEY which 
would thus be generated by the apparatus. 

The security of the system in accordance with the present 

invention is evident from the above description. 

The SUPER KEYS are to be considered public as they are 

transmitted over channels which are intrinsically unsafe 

but which conceal within them in protected mode the 

univocity of both the message and the owner. 

An organization supplying the above mentioned service could 

supply to the customer an adequate hardware and/or software 

support (even directly integrated in an 'intelligent' 
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credit card) and by means of this support the customer 
would be able to send the SUPER KEY generated through 
either a private or a public position. The SUPER KEY can 
cover (in the example of the monetary transaction) the same 
steps covered by the information of the normal credit or 
debit card. The SUPER KEY once used is recorded in the 
database of the organization and thus becomes inactive. 
Whoever tried to reuse it would nullify the request and 
interception of the SUPER KEY is thus useless. The SUPER 
KEY can also be understood as 'single use' identification. 
A dishonest user could refuse to use his own unique key 
generator but steal one of the keys already produced by 
another user and create a twin thereof. The key would 
however be unusable because each time a user makes a 
transaction by using the generator of unique keys, the key 
generated is added to the list present in the 
organization's database. The database contains the list of 
all the LEFT KEYS produced over time and only LEFT KEYs, 
not RIGHT or SUPER KEYS, and ensures that the keys already 
produced are unusable. The predetermined biunivocal 
agreement between the user and the corresponding algorithm 
or encoding/decoding key with the corresponding archive of 
keys and/or algorithms with the organization ensures the 
possibility for the organization to really distinguish two 
users and reject counterfeit requests or messages. Since 
the message uniqueness identifier reaches the organization 
both in clear and encoded form it is impossible to falsify 
only the message uniqueness identifier within a SUPER KEY. 
Naturally the above description of an embodiment applying 
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the innovative pri;iciples of the present invention is given 
by way of non-limiting example of said principles within 
the scope of the exclusive right claimed here. 
For example the message MSG can be of any known type^ even 
5 encrypted, to be decrypted upon arrival in accordance with 
any known method. These operations can also be performed by 
the Scune devices 12, 21 which encode and decode the message 
identifier. 

The message identifier can also be assembled with the 
10 message before encoding and the encoding can then be 
performed on the result of the assembly to have an 
identifier IDcr incorporated in encrypted form in the 
transmitted message to then be decoded and extracted on the 
receiving s ide . 

15 The owner identifier can be a specific identifier assigned 
by the manager of the service or a unique already existing 
identifier chosen conventionally. For example in the case 
of a natural person owner, his taxpayer's code number, 
driving license number, credit card number et cetera may be 

20 used. 
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CLAIMS 

1. Method for security verification of a message (Msg) 
transmitted and received in electronic form which: 

on the transmitting side comprises the steps of 
5 associating with the message for its subsequent 

security verification a univocal message identifier 
(IDMsg) and an identifier (IDcr) for checking the 
identity of the message owner with the checking 
identifier (IDcr) being obtained by applying to the 
10 univocal message identifier (IDMsg) a coding 

associated with the owner of the message to be 
transmitted, and 

on the receiving side for security verification 
of a received message (Msg) comprises the steps of: 
15 - verifying and signaling the fact of having 

or not having received a message previously 
with the same univocal message identifier 
(IDMsg) associated, 

applying a decoding associated with a 
20 supposed owner of the received message to the 

checking identifier of the owner (IDcr) 
associated with the received message, and 

ascertaining and signaling the agreement or 
not between the univocal message identifier 
25 (IDMsg) associated with the received message and 

the result (IDdcr) of said decoding of the 
checking username (IDcr). 

2 . Method in accordance with claim 1 in which before 
transmission the univocal message identifier (IDHsg) and the 
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identifier (IDcr) for checking the identity of the message 
owner are assembled in a unique compound identifier (IDt). 

3. Method in accordance with claim 1 in which on the 
transmitting side at least the checking identifier (IDcr) 

5 is assembled with the message and transmitted therewith. 

4. Method in accordance with claim 3 in which the 
assembling takes place by inserting the message identifier 
(IDMsg) in the message (Msg) and applying the coding to the 
result of the insertion. 

10 5. Method in accordance with claim 1 in which on the 
transmitting side, with the message to be transmitted is 
also associated an owner identifier (IDowner) and on the 
receiving side the decoding to be applied is selected from 
among a plurality of possible decodings on the basis of the 

15 owner identifier (IDowner) associated with the received 
message. 

6. Method in accordance with claim 1 in which the coding 
and decoding are keyed encryption and decryption 
operations . 

20 7. Method in accordance with claim 3 in which encryption 
and decryption are the type with public /private key. 

8. Method in accordance with claim 1 in which 
ascertainment of the agreement between univocal message 
identifier (IDMsg) associated with the message received and 

25 the result of the decoding of the checking username (IDcr) 
consists of verifying the sameness between said univocal 
message identifier (IDMsg) and the result of the decoding of 
the checking username (IDcr). 

9. System for a safety verification of a message (Msg) 
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transmitted and received in electronic form and comprising: 
on the transmitting side: 

a univocal message username generator 

(IDMsg)f 

5 - an encoding device which receives the 

message userncuae (IDMsg) produced by the 
generator and codifies it in accordance with a 
code associated with the owner of the message 
to be transmitted to obtain therefrom an 
10 identifier (IDcr) for checking the identity of 

the message owner, 

transmission means which associate with the 
message to be transmitted the checking 
identifier (IDcr) and the univocal message 
15 identifier (IDHsg) obtained , 

on the receiving side for security verification 
of a received message (Msg) : 

a control device which verifies and signals 
that the message identifier (IDMsg) associated 
20 with the received message has or has not been 

received previously, 

a decoding device which receives the owner 
checking identifier (IDcr) associated with the 
received message and applies thereto a decoding 
25 associated with a supposed owner of the 

received message, 

verification means which ascertain and 
signal the agreement or not of the univocal 
message identifier (IDMsg) with the result of 
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the decoding of the checking username (IDcr). 

10. System in accordance with claim 8 characterized in that 
the encoding and decoding devices are keyed encryption and 
decryption devices . 

11. System in accordance with claim 9 characterized in that 
the encryption and decryption devices are the 
public/private key type. 

12. Device for association of security verification factors 
with a message transmitted in electronic form characterized 
in that it comprises: 

a univocal message username generator (IDnsg)/ 
an encoding device which receives the message 
username (IDMsg) produced by the generator and 
encodes it in accordance with a code associated 
with the owner of the message to be transmitted to 
obtain therefrom an identifier (IDcr) for checking 
the identity of the message owner, 

means which associate with the message to be 
transmitted the checking identifier (IDcr) and the 
univocal message identifier (IDMsg) obtained. 

13. Device in accordance with claim 12 characterized in 
that the encoding device is a keyed encryption device. 

14. Device in accordance with claim 12 characterized in 
that it issues a compound identifier (IDt) made up of the 
combination of the univocal message identifier (IDMsg) and 
the identifier (IDcr) for checking the identity of the 
message owner. 
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